diff --git a/error_codes.txt b/error_codes.txt
new file mode 100644
index 0000000..b08f376
--- /dev/null
+++ b/error_codes.txt
@@ -0,0 +1,7 @@
+400: generic error / unsorted
+402: login error (bad cookie)
+403: login error (no cookie)
+404: invalid url / not found
+410-419: argument/data error
+
+500: server error
\ No newline at end of file
diff --git a/extra_modules/unsign.js b/extra_modules/unsign.js
index 9f109ea..29282f4 100644
--- a/extra_modules/unsign.js
+++ b/extra_modules/unsign.js
@@ -26,14 +26,14 @@ function unsign(text, req, res) {
 function getunsigned(req, res) {
 let cookie = req.cookies.AUTH_COOKIE;
 if (!cookie) {
- res.status(400);
+ res.status(403);
 res.json({ "error": "you are not logged in! (no cookie)" });
 return;
 }
 let unsigned = unsign(cookie, req, res);
 if (!unsigned) {
 try {
- res.status(400);
+ res.status(402);
 res.json({ "error": "Bad auth cookie set" });
 } catch (ignored) { } //sometimes it errors, gotta debug soon
diff --git a/routes/api/all.js b/routes/api/all.js
index 057e93d..f45eeb0 100644
--- a/routes/api/all.js
+++ b/routes/api/all.js
@@ -61,7 +61,7 @@ export const setup = function (router, con, server) {
 next();
 }
 else {
- res.status(400);
+ res.status(402);
 res.json({ "error": "you cannot access the api without being logged in" });
 }
 });
diff --git a/routes/api/dms/PersonalMessages.js b/routes/api/dms/PersonalMessages.js
index 324cb90..b7b4bb2 100644
--- a/routes/api/dms/PersonalMessages.js
+++ b/routes/api/dms/PersonalMessages.js
@@ -5,7 +5,7 @@ export const setup = function (router, con, server) {
 res.set("Access-Control-Allow-Origin", "");
 let otherperson = encodeURIComponent(req.query.otherperson || "");
 if (typeof otherperson != "string" || otherperson.length > 100 || otherperson == "") {
- res.status(400).json({ "error": "invalid otherperson given" });
+ res.status(410).json({ "error": "invalid otherperson given" });
 return;
 }
 const columns = [
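Review bot: The new `res.status(403)` for a missing cookie and `res.status(402)` for a bad one in `getunsigned` give application meanings to codes that already have HTTP ones — 402 is Payment Required — and the same scheme runs through the hunks in all.js (402), PersonalMessages.js, post.js, dms/post.js, settingshandler.js and server.js, where 410 Gone, 411 Length Required, 413 Payload Too Large and 414–418 are reused for ordinary argument errors. Proxies, caches and HTTP client libraries act on these numbers (a 410 is cacheable as permanent by default, 411/413 can trigger retry or body-size handling), so the meanings listed in error_codes.txt will be misread by anything outside this codebase. 401 is the fitting code when credentials are missing or invalid and 400 for validation failures, with the app-specific cause carried in the JSON body, e.g. `res.status(401).json({ "error": "Bad auth cookie set", "code": "bad_cookie" });`. `getunsigned` starts in this hunk and continues past its end.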
@@ -14,7 +14,7 @@ export const setup = function (router, con, server) {
 //dms_user_name = sender
 //dms_receiver = receiver
 //if (sender == current and receiver == other) or (receiver == current and sender == other)
- let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc;`;
+ let sql = `select ${columns.join(",")} from ipost.dms where ((dms_receiver = ? and dms_user_name = ?) or (dms_receiver = ? and dms_user_name = ?)) order by dms_id desc limit 50;`;
 con.query(sql, [otherperson, encodeURIComponent(res.locals.username), encodeURIComponent(res.locals.username), otherperson], function (err, result) {
 if (err) throw err;
diff --git a/routes/api/dms/post.js b/routes/api/dms/post.js
index dee6a8b..870c930 100644
--- a/routes/api/dms/post.js
+++ b/routes/api/dms/post.js
@@ -22,18 +22,22 @@ export const setup = function (router, con, server) {
 });
 router.post("/api/dms/post", function (req, res) {
 if (!req.body.message) {
+ res.status(410)
 res.json({ "error": "no message to post" });
 return;
 }
 if ((typeof req.body.message) != "string") {
+ res.status(411)
 res.json({ "error": "no message to post" });
 return;
 }
 if ((typeof req.body.pid) != "string") {
+ res.status(412)
 res.json({ "error": "no pid given" });
 return;
 }
 if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
+ res.status(413)
 res.json({ "error": "invalid pid given" });
 return;
 }
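Review bot: The added `limit 50` in the `/api/dms` query has no offset or cursor, so anything older than the 50 newest messages between the two users can no longer be fetched through this route. A `before` id taken from the query string and validated as an integer would keep the cap while allowing paging: `... and dms_id < ? order by dms_id desc limit 50;` with the id appended to the bound values. The callback on the hunk's last line still does `if (err) throw err;` inside the driver callback, where Express's error handling does not catch it, while post.js and dms/post.js in this same commit switch to a 500 response; `if (err) { console.error(err.code, err.message); res.status(500).json({ "error": "there's been an internal error" }); return; }` would match them. The enclosing `setup` function and the query callback continue outside the hunk.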
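Review bot: The added `res.status(410)` … `res.status(413)` lines in the `/api/dms/post` handler are written without semicolons and as a statement separate from the following `res.json`, whereas the rest of this file chains the call (`res.status(417).json(...)` later in the same handler) and terminates statements with `;`. Chaining keeps one response statement per branch: `res.status(410).json({ "error": "no message to post" });`. The same applies to the status lines added in the @@ -46 hunk of this file, the @@ -20 and @@ -46 hunks of post.js and the @@ -7 and @@ -25 hunks of settingshandler.js. The handler continues past the end of the hunk.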
@@ -46,33 +50,41 @@ export const setup = function (router, con, server) {
 reply_id = req.body.reply_id;
 }
 if ((typeof reply_id) != "number") {
+ res.status(414)
 res.json({ "error": "no valid reply id given" });
 return;
 }
 if (req.body.message.length > 1000) {
+ res.status(415)
 res.json({ "error": "message too long" });
 return;
 }
 req.body.message = encodeURIComponent(req.body.message.trim());
 if (req.body.message.length > 3000) {
+ res.status(416)
 res.json({ "error": "message too long" }); //check again after URI encoding it
 return;
 }
 req.body.receiver = encodeURIComponent(req.body.receiver || "");
 if (req.body.receiver == "" || req.body.receiver == encodeURIComponent(res.locals.username) || req.body.receiver.length > 100) {
- res.status(400).json({ "error": "invalid receiver given" });
+ res.status(417).json({ "error": "invalid receiver given" });
 return;
 }
 let otherperson = req.body.receiver;
 if (!req.body.message) {
+ res.status(418)
 res.json({ "error": "no message to post" });
 return;
 }
 let sql = `insert into ipost.dms (dms_user_name,dms_text,dms_time,dms_receiver,dms_from_bot,dms_reply_id) values (?,?,?,?,?,?);`;
 let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), otherperson, res.locals.isbot, reply_id];
 con.query(sql, values, function (err, result) {
- if (err)
- throw err;
+ if (err) {
+ res.status(500)
+ res.json({"error":"there's been an internal error"})
+ console.error(err)
+ return;
+ }
 // let post_obj = {
 // post_user_name: encodeURIComponent(res.locals.username),
 // post_text: req.body.message,
diff --git a/routes/api/post.js b/routes/api/post.js
index 84bef34..549ebd8 100644
--- a/routes/api/post.js
+++ b/routes/api/post.js
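Review bot: The new error branch in the `con.query` callback logs the entire driver error with `console.error(err)`; the mysql and mysql2 drivers attach the formatted statement to query errors as `err.sql`, so a failed insert writes the user's message text, both usernames and the reply id into the server log. Logging only the fields needed for diagnosis avoids that: `console.error("dms insert failed", err.code, err.message);` (confirm against the driver actually in use). The generic 500 body itself is the right choice — it replaces a `throw` that Express would not have caught inside this callback. The callback and the enclosing `setup` continue past the hunk.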
@@ -20,18 +20,22 @@ export const setup = function (router, con, server) {
 });
 router.post("/api/post", function (req, res) {
 if (!req.body.message) {
+ res.status(410)
 res.json({ "error": "no message to post" });
 return;
 }
 if ((typeof req.body.message) != "string") {
+ res.status(411)
 res.json({ "error": "no message to post" });
 return;
 }
 if ((typeof req.body.pid) != "string") {
+ res.status(412)
 res.json({ "error": "no pid given" });
 return;
 }
 if (req.body.pid.length != 10 || PIDS[req.body.pid] !== true) {
+ res.status(413)
 res.json({ "error": "invalid pid given" });
 return;
 }
@@ -46,20 +50,24 @@ export const setup = function (router, con, server) {
 if(typeof reply_id == "string") {
 reply_id = parseInt(reply_id)
 if(isNaN(reply_id)) {
+ res.status(414)
 res.json({ "error": "no valid reply id given" });
 return;
 }
 }
 if ((typeof reply_id) != "number") {
+ res.status(415)
 res.json({ "error": "no valid reply id given" });
 return;
 }
 if (req.body.message.length > 1000) {
+ res.status(416)
 res.json({ "error": "message too long" });
 return;
 }
 req.body.message = encodeURIComponent(req.body.message.trim());
 if (req.body.message.length > 3000) {
+ res.status(417)
 res.json({ "error": "message too long" }); //check again after URI encoding it
 return;
 }
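Review bot: The codes assigned in the @@ -46 hunk disagree with the equivalent checks in dms/post.js in the same commit: 'message too long' is 416/417 here and 415/416 there, and 'no valid reply id given' is 414/415 here but 414 there, so a client cannot map a number to a cause across the two endpoints, and error_codes.txt documents 410–419 only as a range. One code per failure class, or a stable `code` string in the JSON body next to `error`, keeps the two handlers in step, e.g. `res.status(400).json({ "error": "message too long", "code": "message_too_long" });`. Since the number is all a client gets today, the per-endpoint drift will surface as client-side special cases. The `/api/post` handler continues past the end of the hunk.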
@@ -67,14 +75,19 @@ export const setup = function (router, con, server) {
 if (req.body.receiver == "") req.body.receiver = "everyone";
 if (!req.body.message) {
+ res.status(418)
 res.json({ "error": "no message to post" });
 return;
 }
 let sql = `insert into ipost.posts (post_user_name,post_text,post_time,post_receiver_name,post_from_bot,post_reply_id) values (?,?,?,?,?,?);`;
 let values = [encodeURIComponent(res.locals.username), req.body.message, Date.now(), req.body.receiver, res.locals.isbot, reply_id];
 con.query(sql, values, function (err, result) {
- if (err)
- throw err;
+ if (err){
+ res.status(500)
+ res.json({"error":"there's been an interal error"})
+ console.error(err)
+ return;
+ }
 let post_obj = {
 post_user_name: encodeURIComponent(res.locals.username),
 post_text: req.body.message,
diff --git a/routes/api/settingshandler.js b/routes/api/settingshandler.js
index 6ab6769..764f1f0 100644
--- a/routes/api/settingshandler.js
+++ b/routes/api/settingshandler.js
@@ -7,10 +7,12 @@ export const setup = function (router, con, server) {
 });
 router.post("/api/settings", function (req, res) {
 if (!req.body.setting) {
+ res.status(410)
 res.json({ "error": "no setting to change" });
 return;
 }
 if ((typeof req.body.setting) != "string") {
+ res.status(411)
 res.json({ "error": "no setting to change" });
 return;
 }
@@ -25,6 +27,7 @@ export const setup = function (router, con, server) {
 }
 if (!allowed) {
 console.log(5, "incorrect type given, received, expected", typeof req.body.value, allowed_settings[req.body.setting]);
+ res.status(412)
 res.json({ "error": "no new setting value given" });
 return;
 }
@@ -36,6 +39,7 @@ export const setup = function (router, con, server) {
 let values = [JSON.stringify(res.locals.settings), res.locals.username];
 con.query(sql, values, function (err, result) {
 if (err) {
+ res.status(500)
 res.json({ "status": "error", "code": err });
 return;
 }
diff --git a/server.js b/server.js
index 19dda0f..4a1325e 100644
--- a/server.js
+++ b/server.js
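Review bot: The new response body in the `con.query` error branch of `/api/post` reads `"there's been an interal error"` — 'interal' is misspelled, and the same branch added to dms/post.js in this commit says 'internal error', so the two endpoints now return different text for the same failure. `res.json({"error":"there's been an internal error"})` fixes both. As in dms/post.js, `console.error(err)` writes the full driver error, which with mysql/mysql2 includes the formatted statement in `err.sql` and therefore the post text; `console.error("post insert failed", err.code, err.message)` logs what is needed without it. The callback and the enclosing `setup` continue past the hunk.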
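Review bot: The branch in settingshandler.js that now gets `res.status(500)` still sends the raw driver error to the client in `res.json({ "status": "error", "code": err })`, so a failed settings update returns the error's fields (and, with mysql/mysql2, the formatted statement in `err.sql`, likely including the serialized settings) to the browser. The other 500 branches added in this commit (post.js, dms/post.js) log server-side and return a fixed message; `console.error(err.code, err.message); res.status(500).json({ "status": "error", "error": "there's been an internal error" }); return;` makes this one consistent while keeping `"status": "error"` for any client that keys on it. The `setup` function and the query callback continue past the hunk.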
@@ -465,7 +465,7 @@ const get_dmpid = dmspostsetup(router, con, commonfunctions);
 router.get("/api/getFileIcon/*",async function(req,res){
 let path = req.path.split("/api/getFileIcon/")[1]
 if(path.length > 4) {
- res.status(400).json({"error":"file ending is too long"})
+ res.status(410).json({"error":"file ending is too long"})
 return;
 }
 addTextOnImage(path,await sharp("./images/empty_file.png").toBuffer()).then(buf => {
@@ -511,16 +511,16 @@ router.get("/api/search", function (req, res) {
 router.post("/api/setavatar", function (req, res) {
 res.set("Access-Control-Allow-Origin", "");
 if (!req.files || Object.keys(req.files).length === 0) {
- return res.status(400).send('No files were uploaded. (req.files)');
+ return res.status(410).send('No files were uploaded. (req.files)');
 }
 let avatar = req.files.avatar;
 if (!avatar) {
- return res.status(400).send('No files were uploaded. (req.files.)');
+ return res.status(411).send('No files were uploaded. (req.files.)');
 }
 let DOSbuf = Buffer.from('ffd8ffc1f151d800ff51d800ffdaffde', 'hex'); //causes DOS
 if (avatar.data.includes(DOSbuf)) {
 console.log(3, "DOS image was caught");
- return res.status(400).send('No files were uploaded. (req.files.)');
+ return res.status(412).send('No files were uploaded. (req.files.)');
 }
 //DOS introduced through jimp (uses jpeg-js)
 const avatars = __dirname + '/avatars/';
@@ -573,7 +573,7 @@ router.get("/api/getalluserinformation", function (req, res) {
 res.json(result[0]);
 }
 else {
- res.status(400);
+ res.status(402);
 res.json({ "error": "you cannot access the api without being logged in" });
 }
 });
@@ -664,13 +664,13 @@ router.post("/api/setBio", function (req, res) {
 res.set("Access-Control-Allow-Origin", "");
 let bio = req.body.Bio;
 if (!bio) {
- res.status(400);
+ res.status(410);
 res.json({ "error": "no bio set!" });
 return;
 }
 bio = encodeURIComponent(bio);
 if (bio.length > 100) {
- res.status(400);
+ res.status(411);
 res.json({ "error": "the bio is too long!" });
 return;
 }
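Review bot: In the `/api/setavatar` hunk the three rejections keep the same text 'No files were uploaded.' but now carry three different codes, and the 412 case is the `DOSbuf` signature match: the body says nothing was uploaded while the status code alone tells the sender that their file tripped the check, so the neutral message no longer hides anything and the code reveals which branch fired. Either use one code for all three (the message already treats them alike) or state plainly in the body that the file was rejected, e.g. `return res.status(400).send('Unsupported image.');`, and keep the detail in the `console.log` line above it. The handler continues past the end of the hunk.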
@@ -692,7 +692,7 @@ router.post("/api/changePW", function (req, res) {
 return;
 }
 if (req.body.newPW.length < 10) {
- res.status(400);
+ res.status(410);
 res.json({ "error": "password is too short" });
 return;
 }
@@ -729,22 +729,22 @@ router.post("/api/changePW", function (req, res) {
 router.post("/api/changeUsername", function (req, res) {
 res.set("Access-Control-Allow-Origin", "");
 if ((typeof req.body.newUsername) != "string") {
- res.status(400);
+ res.status(410);
 res.json({ "error": "incorrect username" });
 return;
 }
 if ((typeof req.body.currentPW) != "string") {
- res.status(400);
+ res.status(411);
 res.json({ "error": "incorrect password" });
 return;
 }
 if (req.body.newUsername.length > 100) {
- res.status(400);
+ res.status(412);
 res.json({ "error": "username is too long" });
 return;
 }
 if (req.body.newUsername == res.locals.username) {
- res.status(400);
+ res.status(413);
 res.json({ "error": "username can't be the current one" });
 return;
 }
@@ -1012,10 +1012,12 @@ router.post("/register", function (req, res) {
 }
 res.status(200);
 if ((typeof req.body.user) != "string") {
+ res.status(416);
 res.json({ "error": "incorrect username" });
 return;
 }
 if ((typeof req.body.pass) != "string") {
+ res.status(417);
 res.json({ "error": "incorrect password" });
 return;
 }
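Review bot: In the `/register` hunk at @@ -1012 the type checks added here return 416 and 417 while the value checks later in the same handler use 410–415 and 418, so the numbering does not follow the order of the checks, and the `res.status(200);` two lines above is overwritten on every failure path. Numbering the checks in execution order, or using one code for all validation failures, makes the mapping readable; the `/login` handler has the same 416/417-then-410 ordering. The handler continues past the end of the hunk.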
@@ -1023,39 +1025,39 @@ router.post("/register", function (req, res) {
 username = username.replace(/\s/gi, "");
 let password = req.body.pass.toString();
 if (!username) {
- res.status(400);
+ res.status(410);
 res.redirect("/register?success=false&reason=username");
 return;
 }
 if (username == "") {
- res.status(400);
+ res.status(411);
 res.redirect("/register?success=false&reason=username");
 return;
 }
 if (password.length < 10) {
- res.status(400);
+ res.status(412);
 res.send("password is too short");
 return;
 }
 if (username.length > 25) {
- res.status(400);
+ res.status(413);
 res.send("username is too long");
 return;
 }
 if (username.search("@") != -1) {
- res.status(400);
+ res.status(414);
 res.send("username can't contain @-characters");
 return;
 }
 if (!password) {
- res.status(400);
+ res.status(415);
 res.redirect("/register?success=false&reason=password");
 return;
 }
 let userexistssql = `SELECT User_Name from ipost.users where User_Name = ?`;
 con.query(userexistssql, [encodeURIComponent(username)], function (error, result) {
 if (result && result[0] && result[0].User_Name) {
- res.status(400);
+ res.status(418);
 res.redirect("/register?success=false&reason=already_exists");
 return;
 }
@@ -1083,20 +1085,22 @@ router.post("/login", function (req, res) {
 return; //login is counted twice (think of bruteforces man)
 if ((typeof req.body.user) != "string") {
+ res.status(416);
 res.json({ "error": "incorrect username" });
 return;
 }
 if ((typeof req.body.pass) != "string") {
+ res.status(417);
 res.json({ "error": "incorrect password" });
 return;
 }
 if (!req.body.user) {
- res.status(400);
+ res.status(410);
 res.send("no username given");
 return;
 }
 if (!req.body.pass) {
- res.status(400);
+ res.status(411);
 res.send("no password given");
 return;
 }
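Review bot: The `res.status(410)`, `411`, `415` and `418` set before `res.redirect(...)` in `/register` never reach the client: Express's `res.redirect(url)` sets the status itself (302 by default), so those four branches still answer 302 exactly as they did with 400, and only the `res.send` branches actually change. If a non-redirect status is intended, `res.redirect(status, url)` exists, but a 4xx with a `Location` header is not followed by browsers, so each branch has to pick either the redirect or the error status. The `con.query` callback near the end ignores its `error` argument, so a failed lookup leaves `result` undefined and falls through this check as if the name were not taken. The callback and the handler continue past the hunk.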
@@ -1104,22 +1108,22 @@ router.post("/login", function (req, res) {
 username = username.replace(" ", "");
 let password = req.body.pass.toString();
 if (!username) {
- res.status(400);
+ res.status(412);
 res.send("no username given");
 return;
 }
 if (username.length > 25) {
- res.status(400);
+ res.status(413);
 res.send("username is too long");
 return;
 }
 if (password.length < 10) {
- res.status(400);
+ res.status(414);
 res.send("password is too short");
 return;
 }
 if (!password) {
- res.status(400);
+ res.status(415);
 res.send("no password given");
 return;
 }
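Review bot: The `if (!password)` branch that now returns 415 is unreachable: `password` is a string here (`req.body.pass` is type-checked earlier and `.toString()`ed on the hunk's second line), and an empty string has length 0, so `if (password.length < 10)` one block earlier already answers 414. Either drop the `!password` block or move it ahead of the length check; the same ordering exists in the `/register` hunk at @@ -1023, where the 412 length check precedes the 415 `!password` branch. The `/login` handler continues past the end of the hunk.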